package com.fmy.mcsecurity.config;

import com.fmy.mcsecurity.config.builders.HttpMcSecurity;
import com.fmy.mcsecurity.config.filter.JITokenContextFilter;
import com.fmy.mcsecurity.config.filter.RefreshTokenFilter;
import com.fmy.mcsecurity.config.filter.UsernamePassParamsFilter;
import com.fmy.mcsecurity.login.hander.LoginHandler;
import com.fmy.mcsecurity.login.hander.TokenVerfiyExceptionHander;
import com.fmy.mcsecurity.token.TokenManager;
import com.fmy.mcsecurity.token.TokenVerification;
import com.fmy.mcsecurity.login.service.RefreshTokenService;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @author Mr.fmy
 * @version 1.0.0
 * @ClassName JISecurityConfig
 * @Description TODO 自定义配置的 SecurityConfig
 * @createTime 2019/10/23 13:40
 */
public abstract class McSecurityConfig extends WebSecurityConfigurerAdapter {

    private UsernamePassParamsFilter usernamePassParamsFilter;
    private JITokenContextFilter tokenContextFilter;
    private RefreshTokenFilter refreshTokenFilter;

    @Override
    public void init(WebSecurity web) throws Exception {
        super.init(web);
        initSecurity(this.getHttp());
        configure(new HttpMcSecurity(usernamePassParamsFilter, tokenContextFilter, refreshTokenFilter,
                getApplicationContext()));
    }

    private void initSecurity(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//关闭Session
        http.headers().cacheControl();
        initHander(http);//初始化登录成功失败自定义处理类
        initFilter(http);//初始化自定义的Filter
    }


    protected void configure(HttpMcSecurity security) {

    }

    private void initHander(HttpSecurity http) throws Exception {
        http.formLogin()
                .successHandler(getApplicationContext().getBean(AuthenticationSuccessHandler.class))
                .failureHandler(getApplicationContext().getBean(AuthenticationFailureHandler.class));
    }

    private void initFilter(HttpSecurity http) throws Exception {
        usernamePassParamsFilter = new UsernamePassParamsFilter();
        http.addFilterBefore(usernamePassParamsFilter, UsernamePasswordAuthenticationFilter.class);
        refreshTokenFilter = new RefreshTokenFilter(getApplicationContext().getBean(RefreshTokenService.class),
                getApplicationContext().getBean(AuthenticationSuccessHandler.class),
                getApplicationContext().getBean(AuthenticationFailureHandler.class),
                getApplicationContext().getBean(TokenManager.class));
        http.addFilterAfter(refreshTokenFilter, UsernamePasswordAuthenticationFilter.class);
        tokenContextFilter = new JITokenContextFilter(getApplicationContext().getBean(TokenVerification.class),
                getApplicationContext().getBean(LoginHandler.class));
        http.addFilterAfter(tokenContextFilter, UsernamePasswordAuthenticationFilter.class);

    }
}
